Questions tagged [impact]

The measurable quantity of resources that is lost or gained as the result of making a security decision.

8 questions
7 votes, 6 answers

How important is it to protect demo data by HTTPS enabled server?

If the application is not in production mode, there is no commercial contract signed with customer yet, and you just want to give a link to the customer (or give the demo yourself) so that they can experience the app themselves, then how important…
gurvinder372
6 votes, 3 answers

Can you provide loss values on security breaches?

When someone says "why do we need to spend so much money and effort on security, we need to focus on market share first and once someone finds a problem we will fix it", I would like to have a list of security breaches which involved severe…
user2193
4 votes, 1 answer

What is the impact of certificate validation level (or class) on deployed web applications?

Certificates can have a class level (or validation level). What is the impact of these levels on deployed web applications? More specifically: Is the certificate level included in the certificate itself? Can a level 1 certificate be used to deploy…
4 votes, 2 answers

Does CVSS v3 evaluate the impact of vulnerability on the host?

Recently after checking out the Heartbleed vulnerability I was taking a look at its CVSS score (AV:N/AC:L/Au:N/C:P/I:N/A:N) and noticed the following (partial) addendum: CVSS V2 scoring evaluates the impact of the vulnerability on the host where…
Juxhin
1 vote, 2 answers

CVSS3.0 impact score and exploitability score

I'm having some trouble calculating CVSS v3.0 scores in some findings I've encountered. In particular, one finding is a simple server information disclosure via default error pages. It is very similar to the following:…
user1118764
1 vote, 2 answers

Calculating Business Impact of Technical Vulnerability Issues

Is there any predefined, globally accepted methodology, framework or standard specifically on calculating Business Impact of technical (Network, Web, Mobile..) vulnerability issues? Scoring and calculating the impacts are key concerns I am…
Anuruddha
0 votes, 1 answer

Certificate Signed Using Weak Hashing Algorithm impact on a workstation

I did a vulnerability scan on some of our company workstations. These are workstations used by employees (dev, HR, accounting, etc.) to do their job. One of the common results I found is SSL/TLS Certificate Signed Using Weak Hashing Algorithm. Based…
Finn
-4 votes, 1 answer

Impact of remote OS command injector attack

I observed that my system is vulnerable to remote OS command injector attack. What would be the impact of Remote OS command injector attack?